The present invention relates to an approach that transforms Hypertext Transfer Protocol (HTTP) requests into Web services trust messages so that they can be processed (consumed) by a Web Services Trust (WS-Trust) Security Token Service (STS).
A large amount of computer network traffic uses HTTP to transport requests between computer systems. In addition, HTTP requests are also used to transport security information by appending parameters used to make authorization decisions to one or more parts of the HTTP message, such as to the header, body, or query component. Security token service applications, however, are designed to process and make authorization decisions based on Web Services Trust (WS-Trust) messages rather than HTTP requests. A challenge exists therefore in providing data included in HTTP requests to these security token service applications.